CAS Cluster Secondary cannot reach gateway

I've got CAS appliances I just upgraded to 4.6.1; the issue was also present in 4.3.1. The CAS are configured in an L2 OOB configuration, with a management VLAN. The management gateway is made up of 3 routers running HSRP.

The primary, non-service IP is always available via the network when device A is active. The secondary, device B, is sometimes not reachable from the gateway. If I attempt to ping the gateway from the secondary, I get ping timeouts; if I run an arp -a, the arp table shows the gateway is reachable via:

at 00:01:02:03:04:05 [ether] PERM on fake0

A show arp on the active HSRP router shows the correct MAC for the secondary, but the secondary is not reachable until I perform an extended ping on the active HSRP router to the secondary, sourced as the HSRP standby IP address, the gateway.

Any ideas what's causing this, and how to resolve it, so the secondary can always reach the gateway?

Replies

This might be best tackled in a TAC case. What I can tell you though is that on the CAS the arp is not in the same place you'd expect. arp -a doesn't list the arp entries, but they're kept in separate tables for the internal and external interfaces.

Check out the /proc/click/intern_arpq/table for the untrusted side arp table and /proc/click/extern_arpq/table for the trusted interface's arp table.